[pve-devel] [PATCH cluster v5 09/17] pvecm add: use API by default to join cluster

[Thomas Lamprecht]

Default to using the API for a add node procedure.

But, allow the user to manually fall back to the legacy SSH method.
Also fallback if the API detected an not up to date peer, this is
done by checking for the 501 HTTP_NOT_IMPLEMENTED response code.

This could be removed in a later major release, e.g. 6.0.

Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---
 data/PVE/CLI/pvecm.pm | 47 +++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 41 insertions(+), 6 deletions(-)

diff --git a/data/PVE/CLI/pvecm.pm b/data/PVE/CLI/pvecm.pm
index 4659d4b..5a8fcbc 100755
--- a/data/PVE/CLI/pvecm.pm
+++ b/data/PVE/CLI/pvecm.pm
@@ -10,7 +10,9 @@ use PVE::Tools qw(run_command);
 use PVE::Cluster;
 use PVE::INotify;
 use PVE::JSONSchema;
+use PVE::RPCEnvironment;
 use PVE::CLIHandler;
+use PVE::PTY;
 use PVE::API2::ClusterConfig;
 use PVE::Corosync;
 
@@ -24,6 +26,10 @@ my $libdir = "/var/lib/pve-cluster";
 my $authfile = "/etc/corosync/authkey";
 
 
+sub setup_environment {
+    PVE::RPCEnvironment->setup_default_cli_env();
+}
+
 __PACKAGE__->register_method ({
     name => 'keygen',
     path => 'keygen',
@@ -251,6 +257,14 @@ __PACKAGE__->register_method ({
 		    " needs an valid configured ring 1 interface in the cluster.",
 		optional => 1,
 	    },
+	    fingerprint => PVE::JSONSchema::get_standard_option('fingerprint-sha256', {
+		optional => 1,
+	    }),
+	    'use_ssh' => {
+		type => 'boolean',
+		description => "Always use SSH to join, even if peer may do it over API.",
+		optional => 1,
+	    },
 	},
     },
     returns => { type => 'null' },
@@ -260,14 +274,35 @@ __PACKAGE__->register_method ({
 
 	my $nodename = PVE::INotify::nodename();
 
-	PVE::Cluster::setup_sshd_config();
-	PVE::Cluster::setup_rootsshconfig();
-	PVE::Cluster::setup_ssh_keys();
-
-	PVE::Cluster::assert_joinable($param->{ring0_addr}, $param->{ring1_addr}, $param->{force});
-
 	my $host = $param->{hostname};
 
+	PVE::Cluster::assert_joinable($param->{ring0_addr}, $param->{ring1_addr}, $param->{force});
+
+	if (!$param->{use_ssh}) {
+	    print "Please enter superuser (root) password for '$host':\n";
+	    my $password = PVE::PTY::read_password("Password for root\@$host: ");
+
+	    delete $param->{use_ssh};
+	    $param->{password} = $password;
+
+	    eval { PVE::API2::ClusterConfig->join($param) };
+
+	    if (my $err = $@) {
+		if (ref($err) eq 'PVE::APIClient::Exception' && $err->{code} == 501) {
+		    $err = "Remote side is not able to use API for Cluster join!\n" .
+		           "Pass the 'use_ssh' switch or update the remote side.\n";
+		}
+		die $err;
+	    }
+	    return; # all OK, the API join endpoint successfully set us up
+	}
+
+	# allow fallback to old ssh only join if wished or needed
+
+	PVE::Cluster::setup_sshd_config();
+	PVE::Cluster::setup_rootsshconfig();
+	PVE::Cluster::setup_ssh_keys();
+
 	# make sure known_hosts is on local filesystem
 	PVE::Cluster::ssh_unmerge_known_hosts();
 
-- 
2.14.2